authorDmitri Pal <dpal@redhat.com>2010-12-26 19:46:15 -0500
committerDmitri Pal <dpal@redhat.com>2011-01-03 15:00:43 -0500
commit87be7cfc4b8cc143a582a38a0d024e166d91df35 (patch)
tree57c5be490545cb2b75bf35f5280da58b6a7a1ffe
parent7030e51bb22e62e6f5d63b0faa923d2151336818 (diff)
[INI] Check access function
Added the access check constants and the access check function. The function is effectively copied from ini_metadata.c. The flags are copied from ini_config.h.
-rw-r--r--ini/ini_configobj.h35
-rw-r--r--ini/ini_fileobj.c75
2 files changed, 110 insertions, 0 deletions
diff --git a/ini/ini_configobj.h b/ini/ini_configobj.h
index 8984402..eccad71 100644
--- a/ini/ini_configobj.h
+++ b/ini/ini_configobj.h
@@ -104,6 +104,41 @@
*/
/**
+ * @defgroup accesscheck Access control check flags
+ *
+ * @{
+ */
+
+/**
+ * @brief Validate access mode
+ *
+ * If this flag is specified the mode parameter
+ * will be matched against the permissions set on the file
+ * using the provided mask.
+ */
+#define INI_ACCESS_CHECK_MODE 0x00000001
+
+/**
+ * @brief Validate uid
+ *
+ * Provided uid will be checked against uid
+ * of the file.
+ */
+#define INI_ACCESS_CHECK_UID 0x00000002
+
+/**
+ * @brief Validate gid
+ *
+ * Provided gid will be checked against gid
+ * of the file.
+ */
+#define INI_ACCESS_CHECK_GID 0x00000004
+
+/**
+ * @}
+ */
+
+/**
* @defgroup collisionflags Flags that define collision resolution logic.
*
* @{
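Review bot: The description of `INI_ACCESS_CHECK_MODE` does not say that the comparison is an exact match on the masked bits, nor that a `mask` of 0 is treated as all nine permission bits; both are how `ini_config_access_check()` in ini/ini_fileobj.c behaves in this commit. A caller who reads "matched against the permissions" as "no more permissive than" will be surprised when a file with stricter permissions is rejected with EACCES. I would extend the doc comment with something like `Only the bits selected by mask are compared and they must be equal; a mask of 0 means all rwx bits for user, group and other.` It is also worth stating that setuid, setgid and sticky bits are not part of the comparison, since the function masks both sides with `S_IRWXU | S_IRWXG | S_IRWXO`.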
diff --git a/ini/ini_fileobj.c b/ini/ini_fileobj.c
index c10b4bf..93a9372 100644
--- a/ini/ini_fileobj.c
+++ b/ini/ini_fileobj.c
@@ -406,3 +406,78 @@ const char *ini_config_get_filename(struct ini_cfgfile *file_ctx)
TRACE_FLOW_EXIT();
return ret;
}
+
+
+/* Check access */
+int ini_config_access_check(struct ini_cfgfile *file_ctx,
+ uint32_t flags,
+ uid_t uid,
+ gid_t gid,
+ mode_t mode,
+ mode_t mask)
+{
+ int error = EOK;
+
+ TRACE_FLOW_ENTRY();
+
+ flags &= INI_ACCESS_CHECK_MODE |
+ INI_ACCESS_CHECK_GID |
+ INI_ACCESS_CHECK_UID;
+
+ if ((file_ctx == NULL) || (flags == 0)) {
+ TRACE_ERROR_NUMBER("Invalid parameter.", EINVAL);
+ return EINVAL;
+
+ }
+
+ /* Check mode */
+ if (flags & INI_ACCESS_CHECK_MODE) {
+
+ TRACE_INFO_NUMBER("File mode as saved.",
+ file_ctx->file_stats.st_mode);
+
+ file_ctx->file_stats.st_mode &= S_IRWXU | S_IRWXG | S_IRWXO;
+ TRACE_INFO_NUMBER("File mode adjusted.",
+ file_ctx->file_stats.st_mode);
+
+ TRACE_INFO_NUMBER("Mode as provided.", mode);
+ mode &= S_IRWXU | S_IRWXG | S_IRWXO;
+ TRACE_INFO_NUMBER("Mode adjusted.", mode);
+
+ /* Adjust mask */
+ if (mask == 0) mask = S_IRWXU | S_IRWXG | S_IRWXO;
+ else mask &= S_IRWXU | S_IRWXG | S_IRWXO;
+
+ if ((mode & mask) != (file_ctx->file_stats.st_mode & mask)) {
+ TRACE_INFO_NUMBER("File mode:", (mode & mask));
+ TRACE_INFO_NUMBER("Mode adjusted.",
+ (file_ctx->file_stats.st_mode & mask));
+ TRACE_ERROR_NUMBER("Access denied.", EACCES);
+ return EACCES;
+ }
+ }
+
+ /* Check uid */
+ if (flags & INI_ACCESS_CHECK_UID) {
+ if (file_ctx->file_stats.st_uid != uid) {
+ TRACE_ERROR_NUMBER("GID:", file_ctx->file_stats.st_uid);
+ TRACE_ERROR_NUMBER("GID passed in.", uid);
+ TRACE_ERROR_NUMBER("Access denied.", EACCES);
+ return EACCES;
+ }
+ }
+
+ /* Check gid */
+ if (flags & INI_ACCESS_CHECK_GID) {
+ if (file_ctx->file_stats.st_gid != gid) {
+ TRACE_ERROR_NUMBER("GID:", file_ctx->file_stats.st_gid);
+ TRACE_ERROR_NUMBER("GID passed in.", gid);
+ TRACE_ERROR_NUMBER("Access denied.", EACCES);
+ return EACCES;
+ }
+ }
+
+ TRACE_FLOW_EXIT();
+ return error;
+
+}
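Review bot: The mode branch writes the masked value back into `file_ctx->file_stats.st_mode`, so a call that is only meant to check permissions permanently strips the file-type and setuid/setgid/sticky bits from the saved stat data, and any later reader of `st_mode` in this context sees the truncated value. Keep the masked mode in a local instead, e.g. `mode_t st_mode = file_ctx->file_stats.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO);`, and compare `(mode & mask) != (st_mode & mask)`. In the uid branch the two trace labels read `"GID:"` and `"GID passed in."`, which will mislead anyone reading a denial trace; they should say UID. The check runs against whatever stat data was stored in `file_ctx` earlier, which is outside this hunk; if that was collected by path rather than from the open descriptor the result can be stale by the time the file is read, so a comment stating where `file_stats` comes from would help callers who rely on this for an ownership or permission decision.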